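## cd_fail2ban::params.pp
# Module name: cd_fail2ban
# Author: Arne Teuke (arne_teuke@confdroid.com)
# License:
# This file is part of cd_fail2ban.
#
# cd_fail2ban is used for providing automatic configuration of Fail2Ban
# Copyright (C) 2017 confdroid (copyright@confdroid.com)
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# @summary Class holds all parameters for the cd_fail2ban module and is
# inherited by all classes except defines.
# @param [string] pkg_ensure
# which [package type](https://confdroid.com/2017/05/puppet-type-package/)
# to choose, i.e. `latest` or `present`. With `latest`, every agent run
# installs whatever version the configured repositories currently offer;
# use `present` where package upgrades must go through change control.
# @param [boolean] fn_manage_config Whether to manage the fail2ban
# configuration files. If set to false, fail2ban will be installed, but the
# configuration will not be managed.
# @param [string] fn_enable_service Whether to enable/start or disable/stop
# the fail2ban service. Valid options are `running` or `stopped`.
# @param [string] fn_loglevel Set the log level output. Valid options are
# `CRITICAL`,`ERROR`,`WARNING`,`NOTICE`,`INFO` and `DEBUG`.
# @param [string] fn_logtarget Set the log target. This could be a file,
# SYSLOG, STDERR or STDOUT. Only one log target can be specified.
# @param [string] fn_syslogsocket Set the syslog socket file. Only used when
# logtarget is SYSLOG. auto uses platform.system() to determine predefined
# paths. Valid options: [ auto | FILE ].
# @param [string] fn_socket Set the socket file to communicate with the daemon.
# This socket is the control channel of the fail2ban server, so it should
# stay in a directory that only root can write to.
# @param [string] fn_pidfile Set the PID file to store the process ID of the
# fail2ban server.
# @param [string] fn_dbfile file for the fail2ban persistent data to be stored.
# A value of ":memory:" means database is only stored in memory
# and data is lost when fail2ban is stopped.
# A value of "None" disables the database.
# @param [string] fn_dbpurgeage age in seconds at which bans should be purged
# from the database.
##############################################################################
class cd_fail2ban::params (

  $pkg_ensure        = 'latest',
  $fn_manage_config  = true,
  $fn_enable_service = 'running',
  $fn_loglevel       = 'INFO',
  $fn_logtarget      = 'SYSLOG',
  $fn_syslogsocket   = 'auto',
  $fn_socket         = '/var/run/fail2ban/fail2ban.sock',
  $fn_pidfile        = '/var/run/fail2ban/fail2ban.pid',
  $fn_dbfile         = '/var/lib/fail2ban/fail2ban.sqlite3',
  $fn_dbpurgeage     = '86400',

) {

  # installation section
  # Only the RedHat family is mapped. The selector has no default branch, so
  # on any other operating system no entry matches and the catalog should
  # fail to compile instead of installing a partial package set.
  $reqpackages = $::operatingsystem ? {
    /(?i-mx:centos|fedora|redhat)/ => ['fail2ban','fail2ban-firewalld',
                                        'fail2ban-sendmail',
                                        'fail2ban-server.noarch'],
  }

  # service
  $fn_service = 'fail2ban'

  # directories
  $fn_main_dir       = '/etc/fail2ban'
  $fn_action_d_dir   = "${fn_main_dir}/action.d"
  $fn_fail2ban_d_dir = "${fn_main_dir}/fail2ban.d"
  $fn_filter_d_dir   = "${fn_main_dir}/filter.d"
  $fn_jail_d_dir     = "${fn_main_dir}/jail.d"
  $fn_var_lib_dir    = '/var/lib/fail2ban'
  $fn_var_run_dir    = '/var/run/fail2ban'

  # files
  # The path separator is required here: $fn_main_dir has no trailing slash,
  # so without it these resolved to '/etc/fail2banfail2ban.conf' and
  # '/etc/fail2banfail2ban.local'. Any file resource built from those values
  # would land outside /etc/fail2ban, where fail2ban does not look for its
  # configuration, and the managed settings would silently not apply.
  $fn_fail2ban_conf_file  = "${fn_main_dir}/fail2ban.conf"
  $fn_fail2ban_conf_erb   = 'cd_fail2ban/fail2ban_conf.erb'
  $fn_fail2ban_local_file = "${fn_main_dir}/fail2ban.local"
  $fn_fail2ban_local_erb  = 'cd_fail2ban/fail2ban_local.erb'

  # includes must be last
  include cd_fail2ban::main::config

}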